James Pooley

It’s a social media world – and getting more and more socially active every day. But in today’s “sharing” culture, James Pooley believes you can never be too safe. Having recently completed a five-year term as deputy director general at the World Intellectual Property Organization in Geneva, Switzerland, Pooley is an expert in the fields of intellectual property, trade secrets and data security. When it comes to your social media strategies, Pooley, also is author of “Secrets: Managing Information Assets in the Age of Cyberespionage,” believes you must work diligently to protect your company’s sensitive data, proprietary information and trade secrets. Here are his insights on helping protect your brand.

Is it safe to say you can never be too careful when it comes to social media?

Yes. I’m not saying openness is inherently bad, but you have to understand that most of your employees are active on social media. For some, posting on Facebook, Instagram and Twitter is as natural as breathing. But what if they share a photo of a product prototype or accidently message a Dropbox link with confidential information? Social media and the “sharing” culture it has sparked can be real challenges to your organization.

How do you wrap your mind around this?

Acknowledge the risks and work to improve your employees’ knowledge and good judgment. Understand that you’re asking employees to go against their “digital instincts.” By its very nature, social media encourages users to publicly disclose the minutiae of their lives. They casually communicate, swap files, and use the Cloud to store and access everything. They have become experts at revealing a lot using only 140 characters. When it comes to your brand, teach them to operate based on a different set of standards that often contradict how they deal with information in their private lives.

Is it hard to get a hold on everything centered on your brand?

You have to be aware of your official social media presence. While you may not be able to fully control what your employees post on their personal social media accounts, you can certainly keep a close eye on official company Twitter, Facebook and other social media pages. Have a safety net of trusted employees monitoring and maintaining your company’s presence on social media to stop potentially revealing posts from ever reaching the public. Also, regularly change passwords to lock out account hackers.

Where’s the best place to start?

Put it in writing. Don’t assume that a few informal warnings or cautionary tales will keep all of your employees from tweeting and posting what they shouldn’t. If your company already has general policies about the disclosure of information assets, make them part of the official set of rules that govern employees’ use of social media. These policies will reinforce the need to keep personal and work issues separated, and not to post about what is going on inside the company.

In the end, does it all come down to education?

Yes. You must train, train, and then train some more. You can mitigate much of the risks by creating a quality-training program that engages your employees as part of your security team. They’ll make fewer mistakes themselves on social media (and elsewhere), and they’ll also watch out for the mistakes of others. Keep in mind that the best training is continuous, careful, upbeat and professional, and does not rely on threats. Be sure to include everyone – not just key knowledge workers. That includes contractors, temporary employees and interns.